vnc_scanning_inside_to_outside
Explanation
The vnc_scanning_inside_to_outside Netography detection model (NDM) is designed to identify any internal VNC scanning activity targeting external destination hosts. It works by monitoring traffic on the network and analyzing it for any signs of VNC scanning activity originating from within the network. The NDM can detect both successful and unsuccessful VNC connection attempts.
What to Look For
If the vnc_scanning_inside_to_outside NDM has an event triggered, it is important to analyze the source IP address of the VNC scanning activity and investigate whether the activity was malicious or not. If the activity was not authorized, immediate remediation steps should be taken to prevent any further unauthorized attempts to access the affected system or systems.
Related MITRE ATT&CK Categories
Updated 20 days ago